TECHNICAL PUBLICATIONS:

Is it too late for PAKE?

W2SP 2009

We revisit the idea of applying Password Authenticated Key Exchange (PAKE) protocols to web authentication. A PAKE protocol is a cryptographic protocol that allows two parties who share knowledge of a password to mutually authenticate each other and establish a shared key, without explicitly revealing the password in the process. One hope in using PAKE protocols for web authentication is to make it easier for users to authenticate websites and to reduce the attack surface for social engineering attacks against their accounts.